The Certificate Revocation List (CRL) Distribution Point (CDP) and Authority Information Access (AIA) extensions are important for certificate authorities (CAs) to publish their certificates correctly. To configure the CDP and AIA settings, the CA's DNS settings must be configured and the CDP and AIA settings must be enabled.
Additionally, the CAPolicy.inf file must be created or edited prior to Root CA service installation.
To publish the CRL and AIA on a separate web server, the IIS machine must be installed and configured, and the new AIA and CDP location must be configured on the CAs.
Finally, the new distribution point must be configured with the new location.
This article explains the differences between CDP and AIA extensions on Root CAs and in Root CA certificates. It explains how these extensions are used by the certificate chaining engine (CCE) to check for revocation and how to create or edit a CAPolicy.inf file prior to Root CA service installation. It also provides a syntax example for how to use the CAPolicy.inf file to avoid inclusion of AIA extensions in the self-signed certificate.
Root Certification Authority (CA) CDP and AIA extension question - PKI Extensions
This article provides instructions on how to configure the Certificate Revocation List (CRL) Distribution Point (CDP) and the Authority Information Access (AIA) settings on CA1. It explains how to set the CDP and AIA settings, as well as how to enable the CDP and AIA settings. It also provides tips on how to configure the CA's DNS settings and how to use the CA's CDP and AIA settings to ensure that users can access their certificates.
Configure the CDP and AIA Extensions on CA1 | Microsoft Docs
This article provides an overview of the Authority Information Access (AIA) and Certificate Revocation List Distribution Point (CDP) extensions, which are important to understand and implement correctly. It explains how to install and configure the IIS machine, configure the new AIA and CDP location on the CAs, and configure the new distribution point with the new location. It also provides an example of how to configure the AIA and CDP extensions with a multi-tier PKI, and provides tips on how to make the PKI infrastructure more flexible and reliable.
How to Publish the CRL and AIA on a Separate Web Server
displays certification authority (CA) configuration information, configures Certificate ... certfile is the name of the certificate file to publish.
certutil | Microsoft Docs
On the CA server, load Certification Authority, expand your CA, right-click Revoked Certificates, click All Tasks, and then click Publish. On the Publish CRL popup dialog box,…
How to Publish the CRL on a Separate Web Server
CDP Extension consists of two URI types: — for physical CRL file publishing. These URIs do not appear in the certificate CDP extension. — for publishing in the certificate/CRL appropriate…
Add-CRLDistributionPoint - PKI Solutions LLC